[strongSwan] OSPF == tons of security associations

Noel Kuntze noel at familie-kuntze.de
Mon Dec 12 16:23:38 CET 2016


Hello Hose,

On 09.12.2016 19:52, Hose wrote:
> If I set up a session without OSPF the excessive SAs do not appear. Each
> of these excessive SAs has barely any traffic on it, such as below:
> 
>        plato{1}:  AES_GCM_8_128, 3457 bytes_i (30 pkts, 7s ago), 752
> bytes_o (11 pkts, 407s ago), rekeying in 30 minutes
> 
>        plato{1}:  AES_GCM_8_128, 7868 bytes_i (87 pkts, 7s ago), 5404
> bytes_o (74 pkts, 407s ago), rekeying in 30 minutes
> 
>        plato{1}:  AES_GCM_8_128, 5789 bytes_i (69 pkts, 7s ago), 3976
> bytes_o (58 pkts, 407s ago), rekeying in 35 minutes
> 

Looks like it's the same IPsec SAs, just a couple of policies for the same SAs.

> The odd thing is that some of the hosts have a handful of SAs, while one
> of them has over 30 in four days. It's not affecting connectivity, it's
> just... odd. There are no weird logs other than the usual SA
> creation/deletion messages.

Full config and logs, please.

-- 

Mit freundlichen Grüßen/Kind Regards,
Noel Kuntze

GPG Key ID: 0x63EC6658
Fingerprint: 23CA BB60 2146 05E7 7278 6592 3839 298F 63EC 6658


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 866 bytes
Desc: OpenPGP digital signature
URL: <http://lists.strongswan.org/pipermail/users/attachments/20161212/0b25ddbf/attachment.sig>


More information about the Users mailing list